Mobile Computing Security Baseline Working Group (MCSBWG) Mobile Technology Tiger Team (MTTT)
• Mobile Use Cases and Technological Centers of Gravity
• Target Architecture • Mobile Computing Decision Framework ▫ Mission Requirements ▫ Decision Balance ▫ Tailoring Risk ▫ Results
2
Use Cases
Mobile Use Cases and Technological Centers of Gravity
3
MDM
MAS
ICAM
Data
Target Architecture
Mobile Computing Decision Framework
5
Mission Requirements ▫ Manage Mobile
Users
Data
Location
6
Decision Balance
• Security • Economics • Capabilities
7
Security
Capabilities Economics
Tailoring Risk
• Policy
• Legal
• Technology
• Operations
• Privacy
• Security
• Financial
8
Financial
Policy
Legal
Technology Operations
Privacy
Security
1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5 1 2 3 4 5
For Example Only
Results Buckets
• Policy • Legal • Technology • Operations • Privacy • Security • Financial
9
Management
Technical
Operational
Results - Policy • Policy • Legal • Technology • Operations • Privacy • Security • Financial
• AC-1 T • AC-2 T • AC-2(1) T • AC-2(3) T • AC-2(4) T • AC-2(12)r4 T • AC-7(1) T • AC-7(2) T • …
10
Results – MDM – Policy Gravity Requirement Description Threshold
or Objective Type Control M/O/T
MDM PLCY-AC-2 A formal documented policy that describes all access controls/ requirement
T M
PLCY-AC-2(4)
Account mgmt activity is audited - personnel responsible for acct mgmt are notified of activity/changes
T O
… … … …
11